Ali Golestan
Ali Golestan

Reputation: 160

how to add multiple roles to an admin user in Apache tomcat 8?

Recently i've installed an apache tomcat 8. my tomcat-users.xml contains this:

<tomcat-users>
    <role rolename="admin-gui"/>
    <user username="tomcat" password="pass1234" roles="admin-gui"/>
</tomcat-users>

I want to enable openning manager app and server status on this user too. can anyone help me on this ?

Upvotes: 3

Views: 3955

Answers (1)

Sahil Ali
Sahil Ali

Reputation: 342

Adding multiple roles might be achieved by the following in tomcat-users XML file

<user username="craigmcc" password="secret" roles="standard,manager-script" />

The manager GUI is given access via the role "manager-gui". The server status is given via role "manager-script".

But the manager-script role is not provided with CSRF. Hence, it is not advisable to have one user with both GUI and SCRIPT roles.

In your Tomcat- check the error pages for 403. It has most of the details that i provided above.

NOTE: This is in reference to Tomcat 7.

Upvotes: 1

Related Questions